 I'm attending with day one of GSR 17, and now I'm talking with Marco Berka, Director of Cyber Crime Research from Germany. Great to have you with us. Thank you very much. All right. So you were talking about cyber crimes and just how big a problem is this in the world today? Well, I guess I would give you a number now and say it's that many trillion dollar losses. It wouldn't help anybody because most people and governments and enterprises are interested in how big is the risk for me, what's my individual risk perspective, and I think it's necessary that they go through an individual assessment. You can't do it from the outside, from what perspective. You can say about certain risks within a sector, you can say the financial sector is there are certain risks associated with this, but each and every player needs to go through this assessment. What we're seeing more of today is just malicious actions or people who actually have are just playing games or what exactly are we seeing the focus right now? We see everything. Everything. We see everything at the same time. We see those people that are doing it for political motivation. We see people that are doing it to have financial profits. There's really the whole landscape, and therefore you need to prepare for all those different attacks. There might be a great likelihood, for example, if we're close to an election that there are political purposes when we're looking to the financial sector very often there is a financial interest from the criminals, but it's the whole landscape. Would it be unfair to say that this is the next wave of warfare, that this is the direction we're heading in, that instead of on the battlefield, it'll be in the cyberspace, essentially? Well that's nothing we discussed here, but this debate is definitely going on, and we see that warfare has changed over the centuries. So when you're comparing the conflicts we do have right now with the First and Second World War, you will see that there is a difference in warfare, in the technology that is used. The Tomahawk missile is different from a broad bombing of entire cities. It's more precise. This cyber warfare or the ability to attack another nation through means of cyber is something which people believe is going to be very precise. You don't have to have boots on the ground, the attribution is very difficult. So there is a tendency that people are exploring it. I don't want to, I'm not sure if this is really going to be the next one, and certainly what we see right now might not really be warfare, because if we call this warfare already we're running out of words for what comes next. So what about terrorism? Is that also extreme or too extreme? But ever since terrorist organizations have started to be global, we saw that they were utilizing the internet. In the beginning it was more for fundraising and propaganda, but now they use it for recruitment, they use it for attacks. So there is an involvement of terrorist organization on the internet, and we need to take it serious and we need to make sure that those mechanisms that we're developing, that could be for example legal mechanisms or regulatory, that they also apply on the internet and that we can get them there as well and get hold of them in a less territorialized environment. Is there such a thing as a website or infrastructure that is hack-proof? I would love to say yes in a theoretical environment that might be possible, but the difficulty is that we're running them on very complex systems. You don't want to just have a website, you want to have a website that is dynamic and it works on different operating systems, so if you open it with a phone it looks cool and if you open it with your notebook it looks cool. So even a very simple website that has those features is pretty complex and it's running on servers with operating systems that have millions of lines of code. Something can go wrong there. I used to program, I used to develop software on my own when I was young and good Lord, when I compiled the source code how often did it stop and say there is a mistake here and there and wherever and some you don't even find and you would only find afterwards after a week something went wrong here. So the more complex the systems are, the more likelihood there is that there is something going on. Well, you talked about doing your presentation, spoof websites and people phishing with these fake emails just, this seems to be more and more common, we're hearing more about this every day, just how bad is it out there? We know it for a while, so this is nothing new, so if you're monitoring what's happening in the United States and then in Europe and Asia, it's moving but it's been there for a long time. It is a problem that we're still relying on a technology, I mean email is great, I'm using it myself but it's a rather unreliable means of communication and this is vulnerable to attacks. So if we reduce our lives on email, we'd see fewer attacks, is that what you say? Well you could switch to a more reliable service or you could try to make the email more reliable by for example using encryption but people tend to be lazy and just use the technology that is out there and yeah, it's still a big problem. So I want you to give some tips to regular consumers out there and to companies as well, I think you were doing that in the presentation, let's talk about the consumers first and then to companies out there who could be a victim of a hack. So with regard to both of them, you can basically give them the same advice and say prepare for the attack, prepare that it will happen, so for the private people, for the consumers out there, it might be that somebody gets access to your email. So if you have different email accounts and you're using the same password for all of them and they get into one, they might get into the others as well and they might read your emails and might have access to your photos and things like this, they might delete them, they might encrypt them and ask for ransom, so prepare for it. If you ignore it, it won't help you and for companies it's the same, you need to prepare for it. For a long period of time, we try to prevent attacks and say let's make sure that they don't happen. It's better to say I prepare for them and I be prepared if something happens, be realistic that it will happen. You talked about whether a company should pay a ransom, what advisers should you give? I don't want to give an advice without knowing the concrete case. There are situations where the people in charge for taking the decision explain to me that this was the best decision they've ever made to pay a ransom. There are people who told me the same story and they found out it was not, so it's very difficult to take this decision. There are great risks associated with paying because you have to get a certain degree of certainty that this will not be a never-ending story and they will come back every other day. It's nothing where I would be able to give an advice remotely. So this is just going to be a way of life going forward, we just have to accept it that this is where we are, cybercrime is going to be a thing. Just like if you're driving a car you might be involved in an accident and cyber security is part of this being online and using those services. Where do you see things in 5-10 years? I'm trying to only answer questions with time periods where I've retired already so nobody can blame me afterwards for being wrong. I really don't want to make a prediction. When you're looking at the development of artificial intelligence and machine learning over the last years it was unimaginable 20 years ago. So I don't want to predict what's going to happen in five years because the speed is exponential. There will be so many things potentially possible like quantum computing and then decrypting messages will be easy but there will be new forms of encryption. So I really can't say I'm following it. I'm following trying to anticipate certain things but five years is way far. So is it scarier than exciting? No, I think that I know there are a lot of people out there in the cyber security field who try to scare to death and they're telling how bad everything is. I am a strong believer that we're living in a fantastic world. It's never been that good. There are so many opportunities. I see the problems. Don't get me wrong. I see the refugee crisis and others but in general we're living in very very good times and the technology is part of that and there are great opportunities. Professor Marco Gerca, thank you so much for talking with us. Very nice meeting you. Enjoy your time in the Bahamas. Pleasure.